FossID Workbench

What is FossID Workbench?

FossID supports software auditing and compliance. FossID’s Software Composition Analysis (SCA) tool, Workbench, and professional services are designed to ensure comprehensive open source compliance and security in software development.

Software Composition Analysis (SCA)

FossID Workbench enables precise identification of open source components and vulnerabilities. It integrates into software development cycles, providing license recognition, proactive security checks, and detailed compliance reporting. FossID Workbench is available across various industries, and helps to ensure that organizations can confidently meet their legal, security, and operational needs in open source software management.

Comprehensive Scanning
Creates a thorough and complete softwarebill of materials that catalogs all open source in use, regardless of how it made its way into the codebase.
Detailed Reporting
Ensures distribution compliance by generating reports, notices files, and copyright statements.
Integration & Extensibility
Features custom workflows, performing administrative tasks, generating reports, and more with the API.
Governance & Administration
Provides granular visibility and access to different teams and roles with robust RBAC.
Flexible Deployment
FossID Workbench is available either On-Prem or with Hybrid Deployment

Categories & Use Cases

Software Composition Analysis (SCA)

Screenshot of a scan of repositories that detects all Free and Open Source Software (FOSS) from complete components, packages, and libraries to small snippets of open source.

Screenshot of a Software Bill of Materials (SBOMs). FossID Workbench can automatically export and import Software Package Data Exchange (SPDX) reports containing license text, copyright statements, vulnerabilities and even snippet level information.

Screenshot of a presentation of license-related risks in software that helps to remain compliant. Workbench detects over 2000 different licenses encountered overed years of open source auditing from strong/weak copyleft to the most obscure source-available and non-commercial licenses. Workbench helps users to understand all license related risks that could affect your products and services.

Screenshot of Workbench’s comprehensive policy management that can prevent usage of strong/weak copyleft or source-available software licenses in products and services.

Screenshot of VulnSnippet Finder: Snippet detection for vulnerable open source snippets. FossID’s Knowledge Base snippet detection capabilities include special detection of vulnerable open source snippets. While most security scanners assume open source vulnerabilities based on component and version, VulnSnippet Finder bases its search on the exact lines of code/snippets that make software vulnerable.

1 / 5

Screenshot of a scan of repositories that detects all Free and Open Source Software (FOSS) from complete components, packages, and libraries to small snippets of open source.

Technical Details

Technical Details
Deployment Types	On-Premise, SaaS
Operating Systems	Windows, Linux, Mac
Mobile Application	No
Supported Countries	Global
Supported Languages	English, Japanese

Downloads

FossID Workbench provides a single interface to manage all FOSS (Free and Open-Source Software) analysis and SBOM (Software Bill of Materials) reporting.
PDF

What are FossID Workbench's top competitors?

Black Duck Software Composition Analysis (SCA), Veracode, and Mend SCA are common alternatives for FossID Workbench.

Who uses FossID Workbench?

The most common users of FossID Workbench are from Enterprise.